What CPU information is displayed in Immunity Debugger?
The CPU window displays the memory address, opcode and assembly instructions, additional comments and function names and other information related to CPU instructions.
What Register information is displayed in Immunity Debugger?
The Register window displays the general purpose registers, instruction pointer and flags associated with the current state of the application.
What Stack information is displayed in Immunity Debugger?
The Stack window displays the contents of the current stack in memory.
What Memory Dump information is displayed in Immunity Debugger?
The Memory Dump window displays the contents of the application’s memory.
What are the 8 CPU Registers?
EAX, EBX, ECX, EDX, EDI, ESI, EBP, and ESP.
What is the EAX register?
The EAX, or “The Accumulator Register” is the primary register used for calculations e.g. ADD or SUB. EAX uses efficient, one-byte opcodes, making it preferential for writing shellcode which uses limited buffer space. EAX is also used to store the return value of a function.
How is each E{A,B,C,D}X register segmented?
E{A,B,C,D}X refers to the complete 32-bit register. {A,B,C,D}X refers to the least significant 16 bits. {A,B,C,D}H refers to the most significant 8 bits of {A,B,C,D}X. {A,B,C,D}L refers to the least significant 8 bits of {A,B,C,D}X.
What is the EBX register?
The EBX, or “The Base Register”, is a catch-all for available storage. In 32-bit architectures, it does not have a special purpose.
What is the ECX Register?
The ECX, or “The Counter Register” is frequently used as a function and loop repetition counter, although it can be used to store any data.
What is the EDX Register?
The EDX, or “The Data Register”, is a partner to the EAX register. It is often used in mathematical operations such as division and multiplication. The most significant bits are stored in EDX, and the least in EAX. It is also commonly used for storing function variables.
What is the ESI Register?
The ESI, or “The Source Index” is used to store the pointer to a read location.
What is the EDI Register?
The EDI, or “The Destination Index” was primarily designed to store the storage pointers of functions, such as the write address of a string operation.
What is the EBP Register?
The EBP, or “The Base Pointer” is used to keep track of the bottom/base of the stack. It is used to reference variables on the stack, which are expressed as an offset to the current value of EBP.
What is the ESP Register?
The ESP, or “The Stack Pointer” is used to keep track of the top of the stack. As items are moved to and from the stack, the value of ESP increments and decrements accordingly.
What is the EIP Register?
The EIP, or “The Instruction Pointer” points to the memory address of the next instruction to be executed by the CPU. Controlling the value of EIP allows an attacker to control the execution flow of the application.